
CVE-2025-6560: CWE-256 Plaintext Storage of a Password in Sapido BR071n

Severity: Critical
Type: Vulnerability
CVE: CVE-2025-6560
Tags: cve, cve-2025-6560, cwe-256
Published: Tue Jun 24 2025 (06/24/2025, 02:01:22 UTC)
Source: CVE Database V5
Vendor/Project: Sapido
Product: BR071n

Description

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended.

AI-Powered Analysis

Last updated: 06/24/2025, 02:54:44 UTC

Technical Analysis

CVE-2025-6560 is a critical vulnerability affecting multiple wireless router models from Sapido, specifically the BR071n model. This vulnerability is categorized under CWE-256, which pertains to the plaintext storage of passwords. The core issue is that these routers store administrator credentials in a system configuration file in plaintext format. Due to improper access controls, unauthenticated remote attackers can directly access this configuration file over the network without any authentication or user interaction. This allows attackers to obtain the administrator username and password in clear text, granting them full administrative control over the device. The vulnerability has a CVSS 4.0 base score of 9.3, indicating a critical severity level. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and no scope change (S:U). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning that an attacker can fully compromise the device, manipulate configurations, intercept or redirect network traffic, and potentially use the device as a foothold for further attacks within the network. The affected devices are out of support, and no patches are available, making replacement the recommended remediation. No known exploits are currently reported in the wild, but the ease of exploitation and severity make this a high-risk vulnerability for any environment still using these devices.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises or home office environments that may still use Sapido BR071n routers due to cost or legacy reasons. Compromise of the router’s administrator credentials allows attackers to alter network configurations, intercept sensitive communications, deploy malicious firmware, or pivot into internal networks. This can lead to data breaches, disruption of business operations, and loss of trust. Critical infrastructure sectors relying on these devices for network connectivity could face operational disruptions or espionage risks. Since the vulnerability requires no authentication or user interaction, attackers can scan for vulnerable devices and exploit them remotely, increasing the risk of widespread compromise. The lack of vendor support and patches exacerbates the risk, as organizations cannot remediate the vulnerability through software updates, forcing reliance on device replacement or network segmentation strategies.

Mitigation Recommendations

Given the absence of available patches and the end-of-life status of the affected Sapido BR071n routers, the primary mitigation is to replace these devices with modern, supported routers from reputable vendors that follow secure credential storage practices. Until replacement is possible, organizations should implement strict network segmentation to isolate vulnerable devices from critical assets and sensitive data. Deploying network-level access controls such as firewall rules to restrict inbound management access to trusted IP addresses can reduce exposure. Monitoring network traffic for unusual access patterns or configuration file downloads can help detect exploitation attempts. Additionally, organizations should review and update their asset inventories to identify any remaining Sapido BR071n devices. If replacement is delayed, consider disabling remote management features on these routers and changing default credentials where possible, although this may not fully mitigate the plaintext credential exposure. Finally, educating users about the risks of legacy devices and enforcing policies to phase out unsupported hardware will reduce future risks.
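The monitoring and access-restriction recommendations above can be combined into one log check; the following is an added example, not part of the original advisory or any vendor tooling. The inventory addresses, trusted management range, log layout and file-name pattern are all assumptions, and because the advisory does not name the configuration file, the paths use a labelled placeholder.

```python
import ipaddress
import re

# Assumptions (not from the advisory): inventory addresses, trusted management
# ranges, the log layout, and the file-name pattern. The advisory does not name
# the configuration file, so CONFIG_PATH is a placeholder to tune per site.
ROUTER_INVENTORY = {"192.0.2.1", "192.0.2.65"}          # known BR071n devices
TRUSTED_MGMT = [ipaddress.ip_network("10.20.0.0/28")]   # admin workstations
CONFIG_PATH = re.compile(r"\.(cfg|conf|dat|bin)(\?|$)|config", re.IGNORECASE)

# Constructed sample lines: time src dst method path status bytes
SAMPLE_LOG = """\
2025-06-24T03:10:01Z 10.20.0.5 192.0.2.1 GET /index.html 200 5120
2025-06-24T03:11:42Z 203.0.113.77 192.0.2.1 GET /PLACEHOLDER/config.dat 200 18432
2025-06-24T03:12:09Z 10.20.0.5 192.0.2.1 GET /PLACEHOLDER/config.dat 200 18432
2025-06-24T03:15:30Z 198.51.100.9 192.0.2.65 GET /PLACEHOLDER/settings.cfg 404 0
2025-06-24T03:16:02Z 198.51.100.9 192.0.2.65 GET /PLACEHOLDER/backup.bin?x=1 200 20480
2025-06-24T03:17:00Z 198.51.100.9 192.0.2.200 GET /config.dat 200 100
malformed line
"""

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_MGMT)

def find_config_downloads(log_text):
    """Return alerts for successful config-like downloads from untrusted sources."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip lines that do not match the assumed layout
        ts, src, dst, method, path, status, size = fields
        if dst not in ROUTER_INVENTORY or method != "GET":
            continue  # only traffic to inventoried legacy routers matters here
        if not CONFIG_PATH.search(path):
            continue
        if status == "200" and not is_trusted(src):
            alerts.append({"time": ts, "src": src, "router": dst,
                           "path": path, "bytes": int(size)})
    return alerts

if __name__ == "__main__":
    for alert in find_config_downloads(SAMPLE_LOG):
        print(alert)
```

Any alert means the router's stored administrator credentials should be treated as exposed, which makes isolating and replacing that device more urgent.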


Technical Details

Data Version: 5.1
Assigner Short Name: twcert
Date Reserved: 2025-06-24T01:24:45.808Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 685a0febdec26fc862d8d936

Added to database: 6/24/2025, 2:39:39 AM

Last enriched: 6/24/2025, 2:54:44 AM

Last updated: 8/15/2025, 4:27:18 PM
